Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Overview
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation…
A reliable End to end security package.
Perfect Endpoint Security, Exposure Detection and Management Tool.
Microsoft Defender for Endpoint Review
Quick to rollout and get going, but takes some tweaking to optimize.
Microsoft Defender Review
The one stop security shop for the endpoints
Decent Protection for your endpoints
Microsoft Defender for Endpoint, a must for every Windows based IT setup
"Microsoft Defender for Endpoint One of the best tools to manage threat, Vulnerability and Compliance of the endpoints."
Secure workstations with MDE
Defender for Endpoint - First class EDR and more.
A Comprehensive Look at Microsoft Defender for Endpoint. Defending with Style
Defend, Detect, Excel with Microsoft Defender for Endpoint
Microsoft Defender for Endpoint
How Microsoft Defender for Endpoint Differs From Its Competitors
Components
- Vulnerability Management
- Baseline Assessments
- Device Discovery
- Endpoint Security Policies
- Automated Remediation
- Dynamic Device Tagging
- Endpoint DLP
- Web Content Filtering
- Live Response
- Unified integration with Defender for Cloud
- Always remediate PUA
- Device Deception (Preview)
- Download quarantined files
- Evaluatio…
Components
Endpoint Detection and Response (EDR) : Organizations can investigate security incidents, collect pertinent data, and implement the necessary remediation activities to eliminate and contain threats by using …
Protection Scope
We are protecting over 30 Windows devices for our company, as well as more than 50 Windows and macOS devices for one of our customers. We also use Microsoft Intune to manage over …
Components
Threat & Vulnerability Management
Intune Integration
Microsoft Defender Antivirus
Microsoft Defender SmartScreen
Attack Surface Reduction
Components
- Attack Surface Reduction (ASR).
- Next-generation Protection.
- Microsoft Secure Score for Devices.
- Automated Investigation and Remediation (AIR).
Protection Scope
It manages the endpoint weaknesses …
Components
- unified security tools and centralized management;
- next-generation antimalware;
- attack surface reduction rules;
- device control (such as USB);
- endpoint firewall;
- network protection;
- device-based conditional access.
In current case we follow go and use …
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision.
Popular Features
- Malware Detection (53 ratings): 8.5 (85%)
- Infection Remediation (52 ratings): 8.2 (82%)
- Anti-Exploit Technology (51 ratings): 8.0 (80%)
- Centralized Management (52 ratings): 7.9 (79%)
Reviewer Pros & Cons
Pricing
Academic
$2.50
Standalone
$5.20
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Demos
Microsoft Defender for Endpoint Overview
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- Anti-Exploit Technology: 8 (51 ratings)
  In-memory and application layer attack blocking (e.g. ransomware)
- Endpoint Detection and Response (EDR): 8.5 (51 ratings)
  Continuous monitoring and response to advanced internet threats by endpoint agents.
- Centralized Management: 7.9 (52 ratings)
  Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- Hybrid Deployment Support: 7.8 (10 ratings)
  Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.
- Infection Remediation: 8.2 (52 ratings)
  Capability to quarantine infected endpoint and terminate malicious processes.
- Vulnerability Management: 8.3 (50 ratings)
  Vulnerability prioritization for fixes.
- Malware Detection: 8.5 (53 ratings)
  Detection and blocking of zero-day file and fileless malware.
Product Details
What is Microsoft Defender for Endpoint?
Rapidly stops threats: Protects against sophisticated threats such as ransomware and nation-state attacks.
Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.
Evolves the organization's defenses: Goes beyond endpoint silos and matures the organization's security based on a foundation for extended detection and response (XDR) and Zero Trust.
Microsoft Defender for Endpoint Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
Microsoft Defender for Endpoint Technical Details
Deployment Types | On-premise |
---|---|
Operating Systems | Windows |
Mobile Application | No |
Reviews and Ratings (174)
Reviews (1-25 of 34)
Microsoft Defender deep dive
- It has fantastic threat detection, which ensures every threat activity is noted and a response is taken immediately.
- MS Defender is best in analytics and reporting of threats.
- There is no bad comment about this tool; it is perfect for the time I have used it.
- It has a very intuitive and user-friendly UI that enables my team and me to navigate through it and respond to any threat efficiently.
- Its extensive dashboard gives a complete view of all our endpoints so we can spot any potential threat and exposure across the networks.
- Robust detection and response capabilities that detect abnormal behavior, potential threats, and attacks as they happen and remediate and block any threat.
- Insights enable us to get to the root cause of incidents and alerts for deep investigation.
- It also provides powerful 365 protection against any threat.
- It is pretty limited when it comes to devices that are not Microsoft-based. Adding a device is quite a task.
- False positives.
- Sophisticated automated investigation and response features.
- Exclusions during scanning are hard to spot.
- I always have to submit a request for whitelisting apps.
The one stop security shop for the endpoints
- Vulnerability Management is without a doubt one of the most efficient features of Microsoft Defender for Endpoint. It provides enough details about the vulnerability, its impact and the remediation as well.
- The latest addition of 'Endpoint Security Policies' has been a very well thought and insightful feature that relieves the security analysts from the hassle of switching to Intune just for reviewing the endpoint security policies.
- 'Automated Remediation' is a boon to many organizations across the industry that helps in responding to ongoing attacks at machine speed. Microsoft Defender for Endpoint does it quite well in terms of accuracy and quickness.
- Dynamic device tagging feature has been an underrated feature from Microsoft Defender for Endpoint. It is such a reliable and efficient feature that saves a lot of time whether you are dealing with vulnerabilities or incidents.
- While 'Vulnerability Management' is one of my favorite features, I do feel that it has been the same for quite some time and now it should have some integration capabilities to do actions like inform the affected users, or take small actions like updating the OS, sending prompts to devices etc.
- I think most people will agree with me when I say that 'Baseline Assessments' feature should now have more standards added to its inventory. CIS and STIG are the only ones available in this feature without any updates for a long time now.
- Device Discovery, while a good feature, appears to be somewhat unstable in nature. It does not provide admins with enough details and any actions to take on the discovered devices.
Microsoft Defender for Endpoint will be a great choice when you are a big organization (more than 500 endpoints) and are dealing with customer data from a critical industry.
Although if you lie in the SMB segment, taking standalone Microsoft Defender for Endpoint plans will make you confused about which features to go for and which ones to let go of. Hence, explore other options here.
"Microsoft Defender for Endpoint One of the best tools to manage threat, Vulnerability and Compliance of the endpoints."
- It provides a unified security experience when combined with other Microsoft products such as Microsoft Defender for 365 and Azure Defender.
- It has an excellent dashboard and centralized view that make it easy to see and control everything from one location.
- It's an EDR tool designed to help you understand incidents and alerts better.
- Real-time detection of attacks and prompt endpoint device responses. It effortlessly interacts with additional Microsoft security products.
- I must admit that I haven't discovered anything major regarding this product.
- It has limited integration options with third party security products.
- Sometimes Automated Response is slow.
Defender for Endpoint - First class EDR and more.
- One of the strong points is that AI is tightly integrated into the platform, which leads to excellent detection.
- Vulnerability management is very useful for assessing, tracking, and mitigating threats across all protected devices.
- KQL integration is very good.
- Licensing between Defender for Endpoint and Servers is complicated.
- Deployment has improved but is not really streamlined. There is no single installer available and no single way of deploying settings.
- The Defender portal is rich in information but can be complicated to use.
- Defender for Endpoint uses cutting-edge threat detection technologies, such as behavioral analysis and machine learning, to recognize and neutralize both known and undiscovered threats. Even the most complex and elusive malware and exploits can be found by it.
- By providing threat analytics, it enables proactive threat prevention and mitigation by assisting organizations in understanding their security posture and trends over time.
- It offers immediate insight into threat activity and endpoint security. Security teams can react quickly to threats since they can see what's happening across all of the devices in their organization.
- For enterprises using the platform for the first time, the initial setup and configuration can be challenging. The experience might be enhanced by streamlining the onboarding procedure and offering more user-friendly setting wizards.
- It might be difficult to afford, especially for smaller firms. The solution might be more widely available if it had a more open and flexible price structure, particularly for smaller enterprises.
- Organizations could better address the escalating problems with cloud security with the help of enhanced functionality for monitoring and managing cloud apps and services.
It's well-suited for organizations with a mix of on-premises and cloud resources.
Azure AD integration allows for seamless identity management in hybrid environments. While it supports hybrid environments, organizations with extremely complex on-premises setups may find it challenging to integrate.
Microsoft Defender for Endpoint
- Quick response to all threats across all devices protected.
- Help pick up vulnerabilities in systems which previously have gone unidentified.
- Centrally Managed with a single pane of glass view is super handy and useful.
- The only thing I think that can be improved on is the reporting.
Microsoft Defender for Endpoint user experience review.
- The threat detection is very good in Defender, during log4j exploitation we got a great deal of support from the Defender, and proactive coverage was received.
- During a recent security incident in our organization, the defender support team was quick to hop in and release the emergency patches and malware signature updates via hotfix, which has helped us deal with the security incident proactively.
- The ease of deployment on the endpoint and scanning feature, which consume minimal resources, and the offline and online coverages of threats are great advantages of Defender.
- Sometimes interacting with the support becomes difficult and more technical side, people who can understand customer concerns better will be of great help.
- Offline coverage can be even better.
- So far, I have had the best experience with defenders, and there is not much to complain about defenders.
Microsoft Defender for Microsoft Endpoint.
- Threat Protection.
- Endpoint Detection and Response (EDR).
- Advanced Analytics.
- Linux VMs.
- MAC OS VMs.
- iOS Platform.
My experience using Microsoft Defender for Endpoint
- Notifications (alerts)
- Register and control of a big amount of devices
- Complete antimalware
- Problems to run integrations with other tools
- Security policies setup is hard
- Technical documentation
Defender is the default choice for a Microsoft shop
- End Point Protection in real time
- Security Dashboard for CISOs
- End point detection and Response
- Don't have any points to add here
If your customers are spread across multiple geographies, then Defender can help you setup Compliance policies based on each reason which reduces the efforts from DPO significantly.
Apart from these, I feel it is a feature rich and stable EDR product.
Endpoint protection products that are easy to use and configure
- The ability to provide decision support (or content about alerts) is powerful and allows us to become experts in analytics rather than in a specific technology
- Microsoft Defender provides security for unmanaged devices on corporate networks
- Microsoft Defender for Endpoint is a service in the Microsoft Defender Security Center. By adding and deploying client provisioning profiles, configuration administrators can monitor deployment status and obtain endpoint agent health status using Microsoft Defender.
- Windows Defender isn't perfect. It may miss some threats, especially new and sophisticated threats. So it’s important to supplement it with other security measures.
- Even though Windows Defender does a good job, it can't protect you from everything. Therefore, it is important to be aware of the risks and take steps to protect your computer, such as using complex passwords and being careful about clicking on anything, especially email attachments and some tech support scam calls.
Easy and Reliable to Use
- Auditing of All Endpoints and Events
- Real-Time Protection
- Configuration and Deployment of the Product
- It evolves as threats do, but keeping up with threats is always a concern.
Protective Defensive Defender
along with the external threats, resourceful finding the vulnerabilities and anomalous activity.
- Embedded security sensors are there with no 3rd party software involvement.
- Vulnerabilities detection speed is good.
- Secured access to the remote access machines
- Detailed information regarding possible threats
- Third party apps are limited with limited access.
- Challenging configuration of devices with affecting system performance
- Initialization of the new access devices may be time consuming
Microsoft Endpoint Defender - A powerful security system in place
- Incident Response
- Threat Intelligence
- Real time monitoring
- Third party integration with Microsoft Defender for Endpoint is tough as it's not compatible with many systems
- Custom rule creation and enhanced analytics features need a lot of improvement
- It should be compatible with MacOS and Linux as well
Microsoft Defender for Endpoints does its job well
- Keeps your device safe
- Protects from threats and malware
- Integrated with other Microsoft solutions
- Worth the money
- Microsoft could work better with rumors that the software is missing some of the threats in comparison to similar products.
- UX/UI could be improved
Other companies most probably should look for another big player with similar product that provides wide range of higher level functionality for corresponding IT team.
Best protection from Microsoft.
- Offline protection.
- Actively scan files and process them in the background.
- Protection history.
- Scheduled scans.
- Performance optimizations.
- Incorporate behavior analysis.
- Improve user interface and usability.
One stop shop for endpoint protection
- Blocking USB and External Media
- Vulnerability Reporting
- Proactive Alerting
- Lots of upfront configuration necessary
- Tons of configuration options
- Hard to deploy to Macs
Microsoft Defender for Endpoint has come a long way and the journey has improved it
- Accurate, not a lot of false positives
- Easy to maintain after initial setup
- Onboarding can be tricky if you don't have the right tools or a large deployment
- Much like other MS products, logs and settings are buried all over the UI
Microsoft Defender for Endpoint Review
- Doing well is being able to detect issues. It does that!
- I'm not sure, because we recently had a cyber attack that affected a lot of our endpoints, and we've been trying to recover for the last year and a half on that, and I'm not sure that it's something the Defender for Endpoint would've been able to assist with. So I don't really have an answer for that, honestly.
Microsoft Defender for Endpoint Review
- I really enjoy the level that we get with our licensing for the timeline on devices, being able to see what happened when it happened down to the millisecond to know exactly what happened when someone clicked something, did something bad, installed something bad, or whichever. And the alert monitoring is really useful for sending emails whenever there's anything that's remotely detected, even if it's a false positive.
- I'm having a hard time thinking of anything because we get all of the endpoint tools available to us with our licensing level and we use them as much as we need to. There are some that we're still kind of figuring out that we should be using more of. So I can't think of anything right now.
Microsoft Defender for Endpoint Review
- Give me alerts, I guess. Give me time alerts and detailed information of what's actually happening.
- It could be a little bit easier to export data because right now I don't think there's a way to actually export. If someone wants to report for something, there's no way to do it without making really awkward screenshots.
Microsoft Defender for Endpoint Review
- It just works. I don't have to spend a lot of time tweaking, setting up, getting new signatures, things like that. So it just works.
- No, none. I don't need that. I'm happy with it.
Microsoft Defender for Endpoint Review
- I mean it works out of the box when we're doing updates. This is also updated through the same process. I don't need a separate process to move antivirus definitions. So air gap networks, I'm already moving things for patches, so it's very seamless and it's integrated with our current processes.
- I just use it to meet compliance requirements. Obviously it could be better, but it meets our needs for now.
Microsoft Defender for Endpoint Review
- This product does really well on the integration with the other Microsoft products such as Sentinel Defender for cloud apps. So they all talk to each other very well.
- It could have room for improvement for the time to update from the client machine to the cloud portal. It's not bad, but it takes a while for it to update the configurations.